Commit graph

33478 commits

Author SHA1 Message Date
Andrew Walbran
8191dc07cc Add comment explaining why crosvm shouldn't be allowed to open files.
Bug: 192453819
Test: No code change
Change-Id: Iebaa1db2e8eed81122e64999ef58b728e1bf95cc
2021-12-24 13:13:53 +00:00
Treehugger Robot
afc596f8f8 Merge "Allow compos_fd_server to create artifacts" 2021-12-15 11:09:24 +00:00
Treehugger Robot
ac9f469ff0 Merge "Add rule for new gesture_prop." 2021-12-15 05:03:42 +00:00
Super Liu
078141a921 Add rule for new gesture_prop.
Bug: 209713977
Bug: 193467627
Test: local build and manual check.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: Ib1d2d6dcc7d6ddc6243c806a883d9252d7c081af
2021-12-15 09:32:01 +08:00
Alan Stokes
8dc7800578 Allow compos_fd_server to create artifacts
Previously this was always done by odrefresh. But now we are running
odrefresh in the VM we need to allow FD server to do it as its proxy.

Bug: 209572241
Bug: 209572296
Test: composd_cmd forced-oderefresh
Change-Id: I4bc10d6a3ec73789721a0541f04dd7e3865fe826
2021-12-14 16:06:31 +00:00
Jeff Vander Stoep
bc0fa66cbe Policy for using Apex sepolicy
Bug: 199914227
Test: aosp/1910032
Change-Id: I0726facbf0c28c486ef6501718a6013a040e4b0e
2021-12-14 13:54:03 +01:00
Treehugger Robot
5ca82c1645 Merge "Remove nonplat_sepolicy.cil from test" am: 3e1c3f7324
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918578

Change-Id: I172df62634fc43aaaa85087a8b6d89278eee8121
2021-12-14 01:58:33 +00:00
Treehugger Robot
3e1c3f7324 Merge "Remove nonplat_sepolicy.cil from test" 2021-12-14 01:44:23 +00:00
Inseob Kim
e3bc8ffa36 Remove nonplat_sepolicy.cil from test
Because it's out of the Treble window.

Bug: 210536608
Test: build
Change-Id: I96a068ad579d1e9a9353aac1438a894829741aad
2021-12-14 01:43:44 +00:00
Treehugger Robot
8d35437e6a Merge "[NC#2] clatd: allow clatd access raw and packet socket inherited from netd" am: 7c5faaf3d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903466

Change-Id: Ia47f1a5558cad907d1800bab9a42c0decd41e5c8
2021-12-13 08:35:30 +00:00
Treehugger Robot
7c5faaf3d2 Merge "[NC#2] clatd: allow clatd access raw and packet socket inherited from netd" 2021-12-13 08:16:26 +00:00
Inseob Kim
f79a045530 Merge "Refactor sepolicy version related codes" am: 7b63c95fe1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916618

Change-Id: I3c3b4bfc416c64f837869b8a80e3876cbfef8865
2021-12-13 04:13:31 +00:00
Inseob Kim
7b63c95fe1 Merge "Refactor sepolicy version related codes" 2021-12-13 03:57:36 +00:00
Treehugger Robot
e197d7519c Merge "Add hal_vehicle_service for AIDL VHAL service." am: 885bc3ca66
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1914197

Change-Id: I2f992666b000f97efcf1e1a3df2b1ef40b26a1f5
2021-12-11 01:09:16 +00:00
Treehugger Robot
885bc3ca66 Merge "Add hal_vehicle_service for AIDL VHAL service." 2021-12-11 00:49:12 +00:00
Hungming Chen
cef08e5d58 [NC#2] clatd: allow clatd access raw and packet socket inherited from netd
Needed because the raw and packet socket setup are moved from
clatd to netd. Netd passes the configured raw and packet sockets
to clatd. clatd needs the permission to access inherited
objects.

Test: manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
   $ ping 8.8.8.8

Test:
Change-Id: If6479f815a37f56715d7650c714202fcc1ec466b
2021-12-10 20:42:00 +08:00
Inseob Kim
24e7cdabc7 Merge "Fix vendor contexts files in mixed build" am: 95249165b5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1914430

Change-Id: I8ad9a1f7086a5a98dffe0017fbfee92c0840b47c
2021-12-10 12:29:48 +00:00
Inseob Kim
95249165b5 Merge "Fix vendor contexts files in mixed build" 2021-12-10 12:13:36 +00:00
Alan Stokes
144edbc844 Merge "Revert "Revert "More neverallow rules""" am: 6e48ea981a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916483

Change-Id: I7e0f458fdffa5eeaf8a7049970949936c8227391
2021-12-10 10:42:44 +00:00
Alan Stokes
6e48ea981a Merge "Revert "Revert "More neverallow rules""" 2021-12-10 10:27:13 +00:00
Inseob Kim
ed2dc8c08e Refactor sepolicy version related codes
1. Move BOARD_SEPOLICY_VERS to build/make/core/config.mk where
PLATFORM_SEPOLICY_VERSION is set.

2. Remove hard-coded versions for the treble tests.

Test: build
Change-Id: I57178c9f213b089a276e35b8de1144665788e7ab
2021-12-10 09:36:58 +00:00
Joanne Chung
f9637630c6 Add rule for new system service am: eed1918f7f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1891636

Change-Id: I826fbfa08ebc3f898d9468380d70f8dd197650f6
2021-12-10 09:17:23 +00:00
Alan Stokes
9c2e162e87 Revert "Revert "More neverallow rules""
This reverts commit a0e49cea04.

Reason for revert: I don't think this was the culprit after all
Bug: 204853211

Change-Id: Iadc1c8df5ec2affcdbbf9e7bdc3eac54c47f4ebf
2021-12-10 09:06:08 +00:00
Joanne Chung
eed1918f7f Add rule for new system service
Update policy for new system service, used for Apps to present the
toolbar UI.

Bug: 190030331
Bug: 205822301
Test: manual. Can boot to home and get manager successfully.

Change-Id: Iee88681a93ae272a90896ccd2a6b64c26c809e82
2021-12-10 13:30:55 +08:00
Treehugger Robot
14c5d92e83 Merge "[NC#1] netd: allow netd to setup packet socket for clatd" am: f128becfa4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903465

Change-Id: I8f248bfd4876ea0e55ed774f726cf818ee66972c
2021-12-10 04:54:56 +00:00
Treehugger Robot
f128becfa4 Merge "[NC#1] netd: allow netd to setup packet socket for clatd" 2021-12-10 04:33:13 +00:00
Treehugger Robot
9f386d408d Merge "Add charger_vendor type" am: 0ce3e70c84
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1870393

Change-Id: Iea5151cd7c7c5e6cc810ee90a581f6897a1b8b5e
2021-12-10 02:38:24 +00:00
Treehugger Robot
0ce3e70c84 Merge "Add charger_vendor type" 2021-12-10 02:16:55 +00:00
Treehugger Robot
9ccdb85c22 Merge "Refactor Android.bp build modules for readability" am: 8bc0b04555
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916617

Change-Id: I4c6a05500cb43ac38a2f0e30292bb0c6d448e00f
2021-12-09 17:19:40 +00:00
Treehugger Robot
8bc0b04555 Merge "Refactor Android.bp build modules for readability" 2021-12-09 16:57:33 +00:00
Inseob Kim
0a707fadb2 Refactor Android.bp build modules for readability
When we compile sepolicy files into a cil file, we first gather all
sepolicy files to create a conf file, and then convert the conf file to
a cil file with checkpolicy. The problem is that checkpolicy is
sensitive to the input order; the conf file should contain statements in
a specific order: classes, initial_sid, access vectors, macros, mls,
etc.

This restriction has made Android.bp migration difficult, and we had to
create a magical module called "se_build_files" to correctly include
source files in the designated order. It works, but significant
readability problem has happened. For example, when we write
":se_build_files{.system_ext_public}", how can we easily figure out that
the tag actually includes plat public + system_ext public + reqd mask,
without taking a look at the build system code?

This change refactors the se_build_files module and se_policy_conf
module, so we can easily see the designated files for each module, just
like we did in the Android.mk. se_policy_conf module now stably sorts
source files in an order which will make checkpolicy happy.
se_build_files module is also refactored, so one tag can represent
exactly one set of policy files, rather than doing magical works behind
the scene. For example, system_ext public policy module is changed from:

se_policy_conf {
    name: "system_ext_pub_policy.conf",
    // se_build_files automatically adds plat public and reqd mask
    srcs: [":se_build_files{.system_ext_public}"],
}

to:

se_policy_conf {
    name: "system_ext_pub_policy.conf",
    // se_policy_conf automatically sorts the input files
    srcs: [
        ":se_build_files{.plat_public}",
        ":se_build_files{.system_ext_public}",
        ":se_build_files{.reqd_mask}",
    ],
}

Bug: 209933272
Test: build and diff before/after
Change-Id: I97a76ed910645c1607d913fd646c27e87af0afd3
2021-12-10 00:31:53 +09:00
Alan Stokes
afa367c241 Merge "Revert "More neverallow rules"" am: c6c31eb7b3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916298

Change-Id: Idaf80901abe05efe6b303d4c9751df14b2734e80
2021-12-09 14:23:32 +00:00
Alan Stokes
c6c31eb7b3 Merge "Revert "More neverallow rules"" 2021-12-09 14:06:35 +00:00
Treehugger Robot
4f10fa72d9 Merge "Run Virtualization tests when we change microdroid policy" am: c9d812e359
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916299

Change-Id: I77ac14a0fc447c76fd362432d7121bf7c36c1440
2021-12-09 13:35:45 +00:00
Treehugger Robot
c9d812e359 Merge "Run Virtualization tests when we change microdroid policy" 2021-12-09 13:12:55 +00:00
Treehugger Robot
56d1b9e39a Merge "Remove obsolete TODO" am: 8a564d32b7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916038

Change-Id: Ice1abda99554c50c25137f360837dba0abd4f2e3
2021-12-09 12:13:08 +00:00
Treehugger Robot
8a564d32b7 Merge "Remove obsolete TODO" 2021-12-09 11:53:29 +00:00
Alan Stokes
fe9cfa610e Run Virtualization tests when we change microdroid policy
Bug: 204853211
Test: N/A
Change-Id: Ic5c921ad4980fb01e20a5765e5049812f6664dfb
2021-12-09 11:35:36 +00:00
Alan Stokes
a0e49cea04 Revert "More neverallow rules"
This reverts commit 72c0134384.

Reason for revert: Looks like this may have broken ComposHostTestCases
Bug: 204853211

Change-Id: I83816a49d3be056e4c9a718ea02911ca022cb984
2021-12-09 11:19:52 +00:00
Treehugger Robot
972c497ad8 Merge "Allow odrefresh to read from a pipe from compos" am: 3e664a0e6d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1915493

Change-Id: I2879f3285eb38a70c94eddbf4fb752adc6b67408
2021-12-09 10:11:36 +00:00
Inseob Kim
28d0530c35 Remove obsolete TODO
Bug: 208722875
Test: N/A
Change-Id: I7ac440164140d7b95a1a7674e219bf9c2b1b83bd
2021-12-09 19:05:54 +09:00
Inseob Kim
7174ffec38 Fix vendor contexts files in mixed build
BOARD_PLAT_VENDOR_POLICY should be used for all vendor stuff, when in
mixed sepolicy build (BOARD_SEPOLICY_VERS != PLATFORM_SEPOLICY_VERSION).
This fixes an issue that system/sepolicy/vendor has been incorrectly
used in mixed sepolicy build.

Bug: 205924657
Test: Try AOSP + rvc-dev mixed sepolicy build
1) copy cuttlefish sepolicy prebuilts from rvc-dev branch.
2) set prebuilt variables:
  - BOARD_PLAT_VENDOR_POLICY
  - BOARD_REQD_MASK_POLICY
  - BOARD_(SYSTEM_EXT|PRODUCT)_PRIVATE_PREBUILT_DIRS
  - BOARD_SEPOLICY_VERS
3) lunch aosp_cf_x86_64_phone-userdebug; m selinux_policy
4) compare $OUT/vendor/etc/selinux with rvc-dev's artifacts.

Change-Id: I2ed1e25255c825c24dab99ae4903328b0400c414
2021-12-09 19:03:35 +09:00
Treehugger Robot
3e664a0e6d Merge "Allow odrefresh to read from a pipe from compos" 2021-12-09 09:45:30 +00:00
Treehugger Robot
dff2dc8e4f Merge "More neverallow rules" am: ff77fc8072
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1914670

Change-Id: I223b0718fb618ff45d886e0550cb80540fac137d
2021-12-09 09:24:56 +00:00
Treehugger Robot
ff77fc8072 Merge "More neverallow rules" 2021-12-09 09:00:17 +00:00
Chris Weir
e2040a2f81 Merge "Give Netlink Interceptor route_socket perms" am: b7ed015cd8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1907018

Change-Id: I73cc3ce85d4de095417de3124b37bfc509d894af
2021-12-09 02:07:59 +00:00
Chris Weir
b7ed015cd8 Merge "Give Netlink Interceptor route_socket perms" 2021-12-09 01:52:32 +00:00
Victor Hsieh
1494f6b9a5 Allow odrefresh to read from a pipe from compos
This is copied from dex2oat.te. By using minijail, the child process
currently requires to communicate with the parent by a pipe, before
actually exec'ing the executable.

Bug: 205750213
Test: no longer see the avc error
Change-Id: I4d59fc8d32150d9e08abba06203eb5164ecd3c75
2021-12-08 15:00:22 -08:00
Alan Stokes
d747eafec0 Restrict making memory executable am: 26239da92b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1913889

Change-Id: Ic8f96d61b66ad2212723baa39332991cedf2af3c
2021-12-08 16:36:37 +00:00
Alan Stokes
72c0134384 More neverallow rules
When we cut down microdroid policy we removed a whole lot of
neverallow rules that were in public/domain.te. Many of these are
irrelevant, but there are some that look quite important. So this CL
restores many of them. This makes no immediate difference (none of
these rules are currently violated, except as mentioned below), but it
might catch mistakes, or at least make us stop and think before
introducing potentially risky policy changes.

Process:
- Paste in all the neverallow rules from public/domain.te in Android
  policy.
- Delete all references to non-existent labels.
- Delete everything marked full-trebly-only.

I also deleted some attributes we clearly don't need, and hence
associated neverallows. (I suspect there are more attributes we could
remove.)

And then I fixed a neverallow violation for microdroid_payload - we
were allowing it unrestricted ioctl access.

Bug: 204853211
Test: Policy builds without error
Test: No denials running composd_cmd forced-compile-test
Change-Id: I21035dee93a881b34941338cc7ce82503cc65e59
2021-12-08 14:56:45 +00:00